Five Key Takeaways from Q3 2017 DDoS Attack Action

As much as you may want to look away, once in a while it’s necessary to survey a giant mess in the hopes of learning from what happened and trying to prevent future disasters. Kitchen fire-related incidents, for one. A situation involving a teenage son or daughter and the state of your home while you were out of town qualifies. A previous quarter’s DDoS attack landscape is also well worth delving into since identifying attack trends could very well keep them from being attack trends once again.


1. DDoS Trends Forced a Change in How Attacks are Measured

Once upon a time, up until Q2 of 2017, Incapsula's quarterly landscape report considered a DDoS attack over after an assault-free period of ten minutes. However, as 2017 wore on, professional attackers began leaning heavily on strategies that hit a target with successive DDoS bursts, some of which were more than 10 minutes apart but were assuredly part of the same overall attack. Pulse wave attacks are one such burst attack method.

This burst attack method became so pervasive that Incapsula changed its methodology in order to classify attacks more accurately. An attack is now considered over after an assault-free period of 60 minutes. Successive attacks against the same target can now be accurately classified as one burst attack instead of multiple quick attacks.
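The effect of that methodology change, as an added example (not Incapsula's code): the same bursts are grouped into attacks with a 10-minute and then a 60-minute assault-free window. The record format, function names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (target, burst start, burst end). The addresses are
# documentation ranges, not real attack targets.
SAMPLE_BURSTS = [
    ("198.51.100.10", "2017-08-01 10:00", "2017-08-01 10:03"),
    ("198.51.100.10", "2017-08-01 10:18", "2017-08-01 10:21"),  # 15 min quiet
    ("198.51.100.10", "2017-08-01 10:50", "2017-08-01 10:55"),  # 29 min quiet
    ("198.51.100.10", "2017-08-01 13:00", "2017-08-01 13:02"),  # 125 min quiet
    ("203.0.113.7", "2017-08-01 10:05", "2017-08-01 10:40"),
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def group_attacks(bursts, quiet_minutes):
    """Merge bursts per target into attacks. An attack is over once the target
    has been assault-free for quiet_minutes or longer."""
    quiet = timedelta(minutes=quiet_minutes)
    spans = defaultdict(list)
    for target, start, end in bursts:
        spans[target].append((_ts(start), _ts(end)))
    attacks = {}
    for target, items in spans.items():
        merged = []
        for start, end in sorted(items):
            if merged and start - merged[-1]["end"] < quiet:
                # Same attack: extend it and count the extra burst.
                merged[-1]["end"] = max(merged[-1]["end"], end)
                merged[-1]["bursts"] += 1
            else:
                merged.append({"start": start, "end": end, "bursts": 1})
        attacks[target] = merged
    return attacks


def attack_counts(bursts, quiet_minutes):
    """Number of distinct attacks recorded against each target."""
    return {t: len(a) for t, a in group_attacks(bursts, quiet_minutes).items()}


if __name__ == "__main__":
    for window in (10, 60):
        print(window, "min window:", attack_counts(SAMPLE_BURSTS, window))
```

With the 10-minute window the first target appears to suffer four separate attacks; with the 60-minute window the first three bursts collapse into a single 55-minute burst attack followed by one later attack.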

2. It’s déjà vu for Network Layer Attack Targets

In the third quarter of 2017 a full 57.8% of sites or services targeted by a network layer attack were targeted at least twice. Worse yet, 29.7% of those repeat targets were targeted more than ten times. Ten attempted network layer attacks.

For organizations without DDoS protection this is a nightmare scenario that could lead to massive bandwidth bills on top of the devastation of the outages. For organizations with on-premise DDoS protection that requires the services of IT personnel, this is a nightmare scenario that badly interrupts business processes.

3. Network Layer Attacks are Getting Bigger as Well

When it rains, it pours, and then it snows and freezes and everything is terrible. Not only are network layer attacks becoming frustratingly persistent, but network layer attacks with a high packet-forwarding rate – at least 50 Mpps – are on the rise as well.

These attacks may have ‘only’ increased to 5% of all network layer attacks, but it’s an alarming trend because even some professional distributed denial of service mitigation solutions are going to struggle with attacks of this size. Before investing in a mitigation solution, websites and businesses will want to inquire about the capacity of the scrubbing servers available. Attacks are already reaching 100+ Mpps, so scrubbing servers currently need to best that by at least several hundred Mpps.

4. Bitcoin isn’t Just Hot with the Cryptocurrency-Buying Masses

If it suddenly seems like you’re seeing mentions of Bitcoin basically everywhere, it’s probably because you are. Bitcoin has blown up, and with the added attention has come an influx of DDoS attacks on the industry.

Bitcoin has leapfrogged onto the list of top 10 most targeted industries, landing at number eight just ahead of transportation and behind media and publishing. This newly-minted bullseye status is likely due to a combination of all the attention the industry is receiving, competition between Bitcoin exchanges, and the ability to manipulate Bitcoin prices with DDoS attacks. Whatever the exact reason, Bitcoin and other high-growth digital industries need to be aware that with success comes large blasts of malicious traffic.

5. There’s Been a Shake-up with the Top Attacking and Attacked Countries

For years the United States has held the dubious distinction of being the most attacked country when it comes to DDoS assaults, but in the third quarter of last year it handed over the top spot to Hong Kong. This relatively small nation landed at the top in large part thanks to a single campaign against a hosting provider, with over 700 separate attacks aimed at it. The Philippines and Taiwan also made surprise appearances on the top 10 most attacked countries list due to DDoS campaigns against local gambling websites.

On the attacking side of things, no one challenged for China’s constant crown as the top attacking country, but the uptick in attacking activity from Turkey and India that began in Q2 2017 continued. In Q2 the two combined to account for 3.9% of attacking activity, and in Q3 that figure rose to 11.2%. Now more than ever, DDoS attacks are going global. Botnet builders are branching out from the usual countries where they infect computers and devices, and websites and businesses that may have previously thought they were flying under the radar thanks to their location are being walloped.

The Ultimate Takeaway

Once in a while, after surveying a giant mess and learning the important lessons you can from it, you need to take a step back and just admit you don’t want to deal with any of that. Investing in DDoS mitigation as a managed service is the only way to ensure you don’t really need to worry about network layer attack size or persistence or the new attack method professional cybercriminals are all about these days. With cloud-based professional DDoS protection you might just have the time to mine all the other messes in your life for important lessons. Or you could use that time to do something more enjoyable, which is very nearly anything. Wouldn’t the world just be your oyster.